How to close access from outside to the mongodb?

Good time of day. Trying to close access from outside to the mongodb, but nothing happens.

Config:
# mongodb.conf

# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemlog parameter:
 destination: file
 logAppend: true
 path: /var/log/mongodb.log

# Where and how to store data.
storage:
 dbPath: /var/db/mongodb
journal:
 enabled: true

# network interfaces
net:
 port: 27017
 bindIp: 127.0.0.1


Logs:
2017-05-11T00:06:18.090+0300 I CONTROL [initandlisten] MongoDB starting : pid=56378 port=27017 dbpath=/var/db/mongodb 64-bit host=xxx
2017-05-11T00:06:18.090+0300 I CONTROL [initandlisten] db version v3.2.11
2017-05-11T00:06:18.090+0300 I CONTROL [initandlisten] git version: 009580ad490190ba33d1c6253ebd8d91808923e4
2017-05-11T00:06:18.090+0300 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.2 j-freebsd 26 Sep 2016
2017-05-11T00:06:18.090+0300 I CONTROL [initandlisten] allocator: system
2017-05-11T00:06:18.090+0300 I CONTROL [initandlisten] modules: none
2017-05-11T00:06:18.090+0300 I CONTROL [initandlisten] build environment:
2017-05-11T00:06:18.090+0300 I CONTROL [initandlisten] distarch: x86_64
2017-05-11T00:06:18.091+0300 I CONTROL [initandlisten] target_arch: x86_64
2017-05-11T00:06:18.091+0300 I CONTROL [initandlisten] options: { config: "/usr/local/etc/mongodb.conf", net: { bindIp: "127.0.0.1", port: 27017 }, storage: { dbPath: "/var/db/mongodb", journal: { enabled: true } }, systemlog parameter: { destination: "file", logAppend: true, path: "/var/log/mongodb.log" } }
2017-05-11T00:06:18.091+0300 I - [initandlisten] Detected data files in /var/db/mongodb created by the 'mmapv1' storage engine, so setting the active storage engine to mmapv1'.
2017-05-11T00:06:18.099+0300 I JOURNAL [initandlisten] journal dir=/var/db/mongodb/journal
2017-05-11T00:06:18.100+0300 I JOURNAL [initandlisten] recover : no journal files present, no recovery needed
2017-05-11T00:06:19.067+0300 I JOURNAL [durability] Durability thread started
2017-05-11T00:06:19.068+0300 I JOURNAL [journal writer] Journal writer thread started
2017-05-11T00:06:19.072+0300 I CONTROL [initandlisten] ** WARNING: soft rlimits too low. rlimits set to 10328 processes, 200000 files. Number of processes should be at least 100000 : 0.5 times number of files.
2017-05-11T00:06:19.074+0300 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/var/db/mongodb/diagnostic.data'
2017-05-11T00:06:19.074+0300 I NETWORK [HostnameCanonicalizationWorker] Starting worker hostname canonicalization
2017-05-11T00:06:19.085+0300 I NETWORK [initandlisten] waiting for connections on port 27017
2017-05-11T00:08:04.322+0300 I NETWORK [initandlisten] connection accepted from xxx.xxx.xxx.xxx:58529 #1 (1 connection now open)
2017-05-11T00:08:04.331+0300 I NETWORK [initandlisten] connection accepted from xxx.xxx.xxx.xxx:58530 #2 (2 connections now open)
2017-05-11T00:08:05.783+0300 I NETWORK [initandlisten] connection accepted from xxx.xxx.xxx.xxx:58531 #3 (3 connections now open)


However, connections from outside are coming. On another server with Debian this configuration worked, the connection was only with localhost.
June 26th 19 at 14:19
4 answers
June 26th 19 at 14:21
Solution
The problem was that the local interface was not assigned an IP address. Once appointed, monga began to listen to requests only from it. Thank you all for the help.
June 26th 19 at 14:23
I /usr/local/etc/mongodb.conf just 1 line
bind_ip = 127.0.0.1
And the team
ps ax | grep LISTEN
issues
LISTEN
127.0.0.1.27017 tcp4 0 0 *.*
Did not help, sockstat gives:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
mongodb mongod 68798 6 tcp4 xxx.xxx.xxx.xxx:27017 *:*
mongodb mongod 68798 7 stream /tmp/mongodb-27017.sock
- earlene_Hudson commented on June 26th 19 at 14:26
: Write in the config file bind_ip = 127.0.0.1 but not as much as You have and restart Mongu. A wrong option can easily ignorethis. - alia98 commented on June 26th 19 at 14:29
: and tried, does not help. The impression that monga simply ignores this setting. - earlene_Hudson commented on June 26th 19 at 14:32
: wasn't it still exists and /etc/mongod.conf ? - alia98 commented on June 26th 19 at 14:35
: no, the file /etc/mongod.conf does not exist. On FreeBSD all differently, I just started to learn. I also changed the port in /usr/local/etc/mongodb.conf - worked on the changed port. That is, the configuration is loaded, in addition to port are accepted and other parameters (location logs, location database), but the option bindIp: 127.0.0.1 (or bind_ip = 127.0.0.1) will be ignored. - earlene_Hudson commented on June 26th 19 at 14:38
: This is an old format config Mong. Now they want YAML. From the perspective of new format config file, config from a friend is correct, there is bindIp: 127.0.0.1.

But YAML does not like tabs, so we need to check all the indents from the left edge, so there were spaces and not tabs. - Angelica.Russel commented on June 26th 19 at 14:41
: Thank you, I'll know - alia98 commented on June 26th 19 at 14:44
June 26th 19 at 14:25
Make sure that you have bindIp spaces, not a tab character.

And after running Mongo command output ipconfig and sockstat -4l in the Studio
Before bindIP 2 spaces, the output after running:

ipconfig
em0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
options=4208b<rxcsum,txcsum,vlan_mtu,vlan_hwcsum,wol_magic,vlan_hwtso>
 ether 00:30:48:dd:05:2e
 media: Ethernet autoselect
 status: no carrier
em1: flags=8943<up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
options=4208b<rxcsum,txcsum,vlan_mtu,vlan_hwcsum,wol_magic,vlan_hwtso>
 ether 00:30:48:dd:05:2f
 media: Ethernet autoselect (1000baseT <full-duplex>)
 status: active
lo0: flags=8049<up,loopback,running,multicast> metric 0 mtu 16384
options=600003<rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>
 groups: lo
em1.2: flags=8943<up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
 ether 00:30:48:dd:05:2f
 inet 195.110.xxx.xxx netmask 0xffffffff broadcast 195.110.xxx.xxx
 media: Ethernet autoselect (1000baseT <full-duplex>)
 status: active
 vlan: 2 vlanpcp: 0 parent interface: em1
 groups: vlan
em1.111: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
 ether 00:30:48:dd:05:2f
 media: Ethernet autoselect (1000baseT <full-duplex>)
 status: active
 vlan: 111 vlanpcp: 0 parent interface: em1
 groups: vlan
bridge1: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
 description: the em1.2
 ether 02:1e:27:1e:df:01
 groups: bridge
 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
 member: em1.2 flags=143<learning,discover,autoedge,autoptp>
 ifmaxaddr 0 port 4 priority 128 path cost 20000</learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast></full-duplex></up,broadcast,running,simplex,multicast></full-duplex></up,broadcast,running,promisc,simplex,multicast></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast>


sockstat -4l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
mongodb mongod 76874 6 tcp4 195.110.xxx.xxx:27017 *:*
- earlene_Hudson commented on June 26th 19 at 14:28
Here is the config with the included display spaces:
67b43aa0104d46068f6476a7a927a7a0.png - alia98 commented on June 26th 19 at 14:31
June 26th 19 at 14:27
You are engaged in some nonsense. There is nothing wrong with that MongoDB listens to some interface.
Usually this is solved by configuring the firewall.
What you need to pay attention to is the authorization options
https://docs.mongodb.com/manual/reference/configur...
Sooner or later you will have to go beyond localhost and will have to configure authorization.

Find more questions by tags FreeBSDMongoDB